Prosody with relayd(1) TLS termination

Emma Tebibyte

Mar 25, 2025, 11:15:56 AM
to prosod...@googlegroups.com
I have been working on getting my prosody installation behind the
relayd(1) reverse proxy on OpenBSD. Everything seems to be in order
except that prosody won’t let me use unencrypted authentication. My
configuration file explicitly disables TLS and contains the following:

allow_unencrypted_plain_auth = true

c2s_ports = { 5323 }
c2s_interfaces = { "127.0.0.1" }
c2s_require_encryption = false

s2s_ports = { 5370 }
s2s_interfaces = { "127.0.0.1" }
s2s_require_encryption = false
s2s_secure_auth = false


The relayd(1) configuration for this looks like this:

relay xmpp_c2s {
    listen on wg port 5223 tls
    protocol "xmpp"

    forward to <prosody> port 5323
}

relay xmpp_s2s {
    listen on wg port 5270 tls
    protocol "xmpp"

    forward to <prosody> port 5370
}

I can’t figure this one out. Does anyone have any pointers?

--
Emma Tebibyte (fae/faer)
http://tebibyte.media/~emma
